EC301 Computer Network Fundamental, Chapter 6: Basic Security
Notes prepared by: Pn. Wan Fazlini Idayu binti Wan Fakari
CLO 4: you should be able to create a simple network connection using a Wireless Local Area Network (WLAN) in accordance with IEEE 802.11 protocols. (P7) Note: C4 = P7 = origination
• Chapter 6 will appear in:
– Lab (5)
– Quiz (5)
6.1 Network Threats
Risks of network intrusion
Once the hacker gains access to the network, four types of threat may arise:
– Information theft: breaking into a computer to obtain confidential information. Information can be used or sold for various purposes.
– Identity theft: a form of information theft where personal information is stolen for the purpose of taking over someone's identity.
– Data loss / manipulation: breaking into a computer to destroy or alter data records.
– Disruption of service: preventing legitimate users from accessing services.
Sources of network intrusion
External Threats
– External threats arise from individuals working outside of an organization.
– They do not have authorized access to the computer systems or network.
Internal Threats
– Occur when someone has authorized access to the network through a user account or has physical access to the network equipment.
Scenario
– There are three hosts connected via a switch. A hacker working from inside the building is attempting to access the network via the switch.
– A hacker is working from his home. The hacker connects to the server via the Internet and performs an attack on the server, causing it to stop working or become unavailable.
Social engineering
The ability of someone or something to influence the behavior of a group of people. Used to deceive internal users to get confidential information; the hacker takes advantage of legitimate users.
Forms of Social Engineering
Pretexting
– Typically accomplished over the phone
– A scenario is used on the victim to get them to release confidential information, e.g. gaining access to your social security number
Phishing
– Victim is typically contacted via email
– Attacker pretends to represent a legitimate organization
Vishing / Phone Phishing
– User is sent a voice mail instructing them to call a number which appears to be legitimate
– Call intercepted by thief
6.2 Methods of attacks
Methods of Attack
Virus
– Runs or spreads by modifying other programs or files
– Needs to be activated; cannot start by itself
Worms
– Similar to a virus
– Does not attach itself to an existing program
– No human activation needed
Trojan Horse
– Appears harmless
– Deceives the victim into initiating the program
DoS (Denial of Service) Attacks
Intended to deny services to users:
– Floods the network with traffic
– Disrupts connections between client and server
Types of DoS Attacks
– SYN (synchronous) Flooding: packets are sent with invalid IP addresses; the server tries to respond
– Ping of Death: a larger packet size than allowed is sent, leading to the system crashing
DDoS (Distributed Denial of Service) Attack
– More sophisticated than DoS
– Overwhelms networks with useless data simultaneously
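The SYN flooding slide says the server keeps answering SYNs whose sources never complete the handshake. The following is an added example, not part of the original notes: a small detector that tracks TCP handshake state over a constructed packet trace and flags servers accumulating half-open connections. All addresses, ports and the threshold are constructed/assumed values.

```python
from collections import defaultdict
from typing import NamedTuple

class Pkt(NamedTuple):
    ts: float    # seconds since trace start
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # "S" = SYN, "SA" = SYN/ACK, "A" = ACK

def build_trace():
    """Constructed sample trace (not a real capture): three completed handshakes from
    one client, then a burst of SYNs from spoofed sources that never ACK the SYN/ACK."""
    pkts, t = [], 0.0
    for i in range(3):
        pkts += [Pkt(t, "10.0.0.5", 40000 + i, "10.0.0.80", 80, "S"),
                 Pkt(t + 0.01, "10.0.0.80", 80, "10.0.0.5", 40000 + i, "SA"),
                 Pkt(t + 0.02, "10.0.0.5", 40000 + i, "10.0.0.80", 80, "A")]
        t += 1.0
    for i in range(200):  # the server answers every SYN, but the spoofed address never replies
        src = f"203.0.113.{i % 254 + 1}"
        pkts += [Pkt(t + i * 0.001, src, 1024 + i, "10.0.0.80", 80, "S"),
                 Pkt(t + i * 0.001 + 0.0005, "10.0.0.80", 80, src, 1024 + i, "SA")]
    return pkts

def handshake_stats(pkts):
    """Per server: SYNs whose handshake completed vs. those left half-open.
    A connection is keyed on (client, client port, server, server port)."""
    state = {}  # key -> "syn" | "synack" | "done"
    for p in sorted(pkts, key=lambda p: p.ts):
        if p.flags == "S":
            state.setdefault((p.src, p.sport, p.dst, p.dport), "syn")
        elif p.flags == "SA":
            key = (p.dst, p.dport, p.src, p.sport)  # reverse direction: server -> client
            if state.get(key) == "syn":
                state[key] = "synack"
        elif p.flags == "A":
            key = (p.src, p.sport, p.dst, p.dport)
            if state.get(key) == "synack":
                state[key] = "done"
    stats = defaultdict(lambda: {"completed": 0, "half_open": 0})
    for (_, _, server, _), s in state.items():
        stats[server]["completed" if s == "done" else "half_open"] += 1
    return dict(stats)

def syn_flood_suspects(pkts, threshold=50):
    """Servers with at least `threshold` half-open connections. The threshold is an
    assumed tuning value; in practice it is sized to the server's normal load."""
    return sorted(s for s, v in handshake_stats(pkts).items() if v["half_open"] >= threshold)
```

Only the three legitimate connections reach the "done" state; the 200 spoofed ones stall at "synack", which is exactly the pile of half-open connections a flooded server holds.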
Brute Force Attack
– A fast PC is used to try to guess passwords or decipher data
– Attacker tries a large number of possibilities rapidly
Spyware
– Program that gathers personal information from your PC without permission
– Information sent to advertisers
– Usually installed unknowingly when downloading a file
– Can slow down performance of the PC
Cookies, adware, and pop-ups
Cookies
– Not always bad
– Used to record information about the user when visiting web sites
Adware
– Collects information based on sites visited
– Useful for targeted advertising
Pop-ups
– Additional ads displayed when visiting a site
– Pop-ups open in front of the browser
– Pop-unders open behind the browser
Spam
– Unwanted bulk e-mail
– Information sent to as many end users as possible
– Can overload servers, ISPs, etc.
– It is estimated that every Internet user receives over 3000 emails per year
6.3 Security Policy
To be continued 20/9/2012…
Common security measures
Identification and Authentication Policies
– Only authorized persons should have access to the network and its resources (including access to physical devices)
Password Policies
– Must meet minimum requirements
– Change passwords regularly
Acceptable Use Policies
– Determine which applications are acceptable
Remote Access Policies
– Explanation of how remote users can access the network
Network Maintenance Procedures
– Explanation of update procedures
Incident Handling Procedures
– How incidents involving security will be handled
Update software patches
– Use of updates and patches makes it harder for the hacker to gain access.
Updates
– Include additional functionality
Patches
– Small piece of "code" used to fix a problem
Antivirus: latest patterns
Any device connected to a network is susceptible to viruses.
Warning signs of a virus:
– Computer acts abnormally
– Sends out large quantities of email
– High CPU usage
Some anti-virus program features:
– Email checking
– Dynamic scanning: checks files when accessed
– Scheduled scans
– Automatic updates
Firewall
Used to control traffic between networks. Methods of a firewall:
– Packet filtering: based on IP or MAC address
– Application/Web site filtering: based on the application or website being used
– SPI (Stateful Packet Inspection): incoming packets must be legitimate responses to requests from hosts
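To make the difference between plain packet filtering and stateful packet inspection concrete, here is an added example (not from the original notes) that simulates both on the same constructed traffic. Addresses and ports are constructed sample values; the state table is a simplified model of what a real firewall keeps.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "out" = inside host -> Internet, "in" = Internet -> inside host

class PacketFilter:
    """Stateless packet filtering: every packet is judged on its own addresses/ports."""
    def __init__(self, allowed_remote_ports):
        self.allowed_remote_ports = set(allowed_remote_ports)
    def decide(self, p):
        if p.direction == "out":
            return "ALLOW"
        # Anything claiming to come from an allowed port (e.g. 80) is let in,
        # whether or not an inside host ever asked for it.
        return "ALLOW" if p.sport in self.allowed_remote_ports else "DROP"

class StatefulInspector:
    """Stateful Packet Inspection: inbound packets are allowed only when they answer
    a request an inside host made earlier (recorded in the state table)."""
    def __init__(self):
        # (inside_ip, inside_port, remote_ip, remote_port); real firewalls also time entries out
        self.table = set()
    def decide(self, p):
        if p.direction == "out":
            self.table.add((p.src, p.sport, p.dst, p.dport))
            return "ALLOW"
        return "ALLOW" if (p.dst, p.dport, p.src, p.sport) in self.table else "DROP"

def run(firewall, pkts):
    return [firewall.decide(p) for p in pkts]

# Constructed sample traffic (not from a real network).
SAMPLE = [
    Packet("192.168.1.10", 51000, "198.51.100.7", 80, "out"),  # inside host requests a web page
    Packet("198.51.100.7", 80, "192.168.1.10", 51000, "in"),   # the server's reply
    Packet("198.51.100.9", 80, "192.168.1.10", 51000, "in"),   # unsolicited: nobody contacted this host
    Packet("198.51.100.7", 80, "192.168.1.10", 52000, "in"),   # right server, but no request used this port
]

if __name__ == "__main__":
    print("packet filter (allow remote port 80):", run(PacketFilter([80]), SAMPLE))
    print("stateful inspection:                 ", run(StatefulInspector(), SAMPLE))
```

The stateless filter passes all four packets because each looks like web traffic, while the stateful inspector drops the two that do not match any request recorded from an inside host.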
Homework
1. Describe risks of network intrusion.
2. Describe Viruses, Worms and Trojan Horses.
3. Explain denial of service and brute force attacks.
4. Differentiate Spyware, Tracking, Cookies, Adware and Pop-Up.
*Submit today before 3.30 p.m.